(aws-route53resolver): firewallDomainRedirectionAction example values have the wrong casing

[DanielAnfelt]

Describe the issue

In a CfnFirewallRuleGroup, you can list firewallRules, which in turn can have a property firewallDomainRedirectionAction. The property is allowed to have the values INSPECT_REDIRECTION_DOMAIN | TRUST_REDIRECTION_DOMAIN

Reading the documentation that is shipped with the cdk library, it says

        /**
         * How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, or DNAME.
         *
         * `Inspect_Redirection_Domain` (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.
         *
         * `Trust_Redirection_Domain` inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html#cfn-route53resolver-firewallrulegroup-firewallrule-firewalldomainredirectionaction
         */
        readonly firewallDomainRedirectionAction?: string;

It's is caught by the validation in Cloudformation.

Links

I believe the root cause could be here, where the example values are incorrectly cased. The correct values are also available in that page, but that part is omitted in the cdk-lib file, which only shows the unsupported values.

https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-route53resolver-firewallrulegroup-firewallrule.html#cfn-route53resolver-firewallrulegroup-firewallrule-firewalldomainredirectionaction

[pahud]

Yes, CDK essentially generates L1 constructs from CFN spec and this is exactly what's described in CFN docs.

I'll bring this up to CFN team to get it fixed from upstream and after that CDK docs should update accordingly.